Senate Cyber-security Bill Set for Markup

The latest version eliminates earlier concerns granting the president kill-switch powers in the case of a national cyber-security emergency.

After months of
revisions, Sens. Jay
Rockefeller (D-WVa) and Olympia Snowe (R-ME) released their latest
Cybersecurity Act 2010, which would address the nation's flagging
cyber-security efforts. The Senate Commerce is expected to mark up the
legislation March 24.

The legislation is
the culmination of nearly a year's worth of consultation and input
from cyber-security experts in the private sector, government and civil
liberties community.

"The networks that
American families and businesses rely on for basic day-to-day activities
are being hacked and attacked every day. At this very moment,
sophisticated cyber-enemies are trying to steal our identities, our
money, our business innovations and our national security secrets,"
Rockefeller said in a statement. "This 21st century threat calls for a
robust 21st century response from our government, our private sector and
our citizens. Private companies and the government must work together
to protect our nation, our networks and our way of life from the growing
cyber-threat."

The legislation
provides a framework for engagement and collaboration between the
private sector and government on cyber-security while addressing earlier
concerns about civil liberties, proprietary rights and confidential and
classified information. The
bill does not criminalize
any conduct, contain any criminal law provisions or
provide any resources for law enforcement agencies.

It does require a report ad
promotes cyber-security public awareness, education and research and
development.

"The Rockefeller-Snowe
initiative seeks to bring new high-level governmental attention to
developing a fully integrated, thoroughly coordinated public-private
partnership," said Snowe. "It is imperative that the public and private
sectors marshal our collective forces in a collaborative and
complementary manner to confront this urgent threat."

Nearly 90 percent of the
nation's networks are owned and operated by the private sector, and
Rockefeller and Snowe said requiring cyber-security must be a collaborative
effort between the public and private sector.

The bill requires the
president to collaborate with owners and operators of critical
infrastructure IT systems, through the existing sector coordinating
councils, to develop and rehearse detailed cyber-security emergency
response and restoration plans. The explicit purpose of this section is
to clarify roles, responsibilities and authorities of government and
private sector actors in the event of a cyber-security emergency that
threatens strategic national interests.

The president's declaration
of a cyber-security emergency would trigger the implementation of the
collaborative emergency response and restoration plans.

There is nothing, however,
in the bill authorizing new or expanded presidential authorities. To
establish greater accountability for the president's actions during a
declared emergency, the bill also requires the president to report to
Congress in writing within 48 hours of the declaration of a
cyber-security emergency regarding the circumstances necessitating the
declaration and the estimated scope and duration of the emergency.